To: vim_dev@googlegroups.com Subject: Patch 9.0.1160 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 9.0.1160 Problem: ASAN error for ufunc_T allocated with wrong size. Solution: Make sure the size can always fit the struct. Files: src/userfunc.c *** ../vim-9.0.1159/src/userfunc.c 2023-01-08 19:54:06.952281443 +0000 --- src/userfunc.c 2023-01-08 20:28:46.544912868 +0000 *************** *** 641,646 **** --- 641,659 ---- return name; } + /* + * Allocate a "ufunc_T" for a function called "name". + * Makes sure the size is right. + */ + static ufunc_T * + alloc_ufunc(char_u *name) + { + // When the name is short we need to make sure we allocate enough bytes for + // the whole struct, including any padding. + size_t len = offsetof(ufunc_T, uf_name) + STRLEN(name) + 1; + return alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len); + } + #if defined(FEAT_LUA) || defined(PROTO) /* * Registers a native C callback which can be called from Vim script. *************** *** 652,658 **** char_u *name = get_lambda_name(); ufunc_T *fp; ! fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); if (fp == NULL) return NULL; --- 665,671 ---- char_u *name = get_lambda_name(); ufunc_T *fp; ! fp = alloc_ufunc(name); if (fp == NULL) return NULL; *************** *** 1356,1362 **** } name = get_lambda_name(); ! ufunc = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); if (ufunc == NULL) goto erret; set_ufunc_name(ufunc, name); --- 1369,1375 ---- } name = get_lambda_name(); ! ufunc = alloc_ufunc(name); if (ufunc == NULL) goto erret; set_ufunc_name(ufunc, name); *************** *** 1557,1563 **** char_u *line_end; char_u *name = get_lambda_name(); ! fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); if (fp == NULL) goto errret; fp->uf_def_status = UF_NOT_COMPILED; --- 1570,1576 ---- char_u *line_end; char_u *name = get_lambda_name(); ! 
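Review bot: The header comment of the new alloc_ufunc() does not state its failure contract, although every call site in this patch tests the result for NULL; a line such as `* Returns NULL when allocation fails; the caller must check.` would make that explicit. The comment on the size computation would also be stronger if it named the consequence being avoided: a ufunc_T is presumably later read and written as a whole struct (copy_function in the last hunk appears to be one such place), so an allocation of only offsetof(ufunc_T, uf_name) + STRLEN(name) + 1 bytes for a short name left the trailing bytes of the struct outside the block, which is the out-of-bounds access the ASAN report points at. STRLEN(name) dereferences name without a check; the visible callers pass get_lambda_name(), `global` or fp->uf_name, so recording `"name" must not be NULL` in the comment seems sufficient rather than adding a runtime test. Whether any other hand-written `alloc_clear(offsetof(ufunc_T, uf_name) + ...` sites remain outside these hunks cannot be seen from the patch; a search for that pattern would confirm that every ufunc_T allocation now goes through the helper.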
fp = alloc_ufunc(name); if (fp == NULL) goto errret; fp->uf_def_status = UF_NOT_COMPILED; *************** *** 2558,2564 **** return FAIL; } ! fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(global) + 1); if (fp == NULL) return FAIL; --- 2571,2577 ---- return FAIL; } ! fp = alloc_ufunc(global); if (fp == NULL) return FAIL; *************** *** 5081,5087 **** } } ! fp = alloc_clear(offsetof(ufunc_T, uf_name) + STRLEN(name) + 1); if (fp == NULL) goto erret; fp_allocated = TRUE; --- 5094,5100 ---- } } ! fp = alloc_ufunc(name); if (fp == NULL) goto erret; fp_allocated = TRUE; *************** *** 5525,5534 **** ufunc_T * copy_function(ufunc_T *fp) { ! // The struct may have padding, make sure we allocate at least the size of ! // the struct. ! size_t len = offsetof(ufunc_T, uf_name) + STRLEN(fp->uf_name) + 1; ! ufunc_T *ufunc = alloc_clear(len < sizeof(ufunc_T) ? sizeof(ufunc_T) : len); if (ufunc == NULL) return NULL; --- 5538,5544 ---- ufunc_T * copy_function(ufunc_T *fp) { ! ufunc_T *ufunc = alloc_ufunc(fp->uf_name); if (ufunc == NULL) return NULL; *** ../vim-9.0.1159/src/version.c 2023-01-08 19:54:06.952281443 +0000 --- src/version.c 2023-01-08 20:25:33.781208548 +0000 *************** *** 697,698 **** --- 697,700 ---- { /* Add new patch number below this line */ + /**/ + 1160, /**/ -- Eye have a spelling checker, it came with my PC; It plainly marks four my revue mistakes I cannot sea. I've run this poem threw it, I'm sure your please to no, It's letter perfect in it's weigh, my checker tolled me sew! /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// \\\ \\\ sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///